Sensitive Data Exposure

This risk involves the inadequate protection of sensitive data, such as passwords, financial information, or personal identifiable information (PII). If this data is not properly encrypted or protected, it can be accessed by attackers.

# Vulnerable code (transmitting sensitive data over unencrypted channel)
loginData = {
    "username": request.getParameter("username"),
    "password": request.getParameter("password")
}
httpClient.post("http://example.com/login", data=loginData)

# Secure code (transmitting sensitive data over encrypted channel, e.g., HTTPS)
loginData = {
    "username": request.getParameter("username"),
    "password": request.getParameter("password")
}
httpClient.post("https://example.com/login", data=loginData)

PreviousBroken Authentication NextXML External Entities (XXE)

Last updated 2 years ago

Sensitive Data Exposure

# Vulnerable code (transmitting sensitive data over unencrypted channel)
loginData = {
    "username": request.getParameter("username"),
    "password": request.getParameter("password")
}
httpClient.post("http://example.com/login", data=loginData)

# Secure code (transmitting sensitive data over encrypted channel, e.g., HTTPS)
loginData = {
    "username": request.getParameter("username"),
    "password": request.getParameter("password")
}
httpClient.post("https://example.com/login", data=loginData)

PreviousBroken Authentication NextXML External Entities (XXE)

Last updated 2 years ago